aes_platform.h 30 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588
  1. /*
  2. * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #ifndef OSSL_AES_PLATFORM_H
  10. # define OSSL_AES_PLATFORM_H
  11. # pragma once
  12. # include <openssl/aes.h>
  13. # ifdef VPAES_ASM
  14. int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,
  15. AES_KEY *key);
  16. int vpaes_set_decrypt_key(const unsigned char *userKey, int bits,
  17. AES_KEY *key);
  18. void vpaes_encrypt(const unsigned char *in, unsigned char *out,
  19. const AES_KEY *key);
  20. void vpaes_decrypt(const unsigned char *in, unsigned char *out,
  21. const AES_KEY *key);
  22. void vpaes_cbc_encrypt(const unsigned char *in,
  23. unsigned char *out,
  24. size_t length,
  25. const AES_KEY *key, unsigned char *ivec, int enc);
  26. # endif /* VPAES_ASM */
  27. # ifdef BSAES_ASM
  28. void ossl_bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
  29. size_t length, const AES_KEY *key,
  30. unsigned char ivec[16], int enc);
  31. void ossl_bsaes_ctr32_encrypt_blocks(const unsigned char *in,
  32. unsigned char *out, size_t len,
  33. const AES_KEY *key,
  34. const unsigned char ivec[16]);
  35. void ossl_bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out,
  36. size_t len, const AES_KEY *key1,
  37. const AES_KEY *key2, const unsigned char iv[16]);
  38. void ossl_bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out,
  39. size_t len, const AES_KEY *key1,
  40. const AES_KEY *key2, const unsigned char iv[16]);
  41. # endif /* BSAES_ASM */
  42. # ifdef AES_CTR_ASM
  43. void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
  44. size_t blocks, const AES_KEY *key,
  45. const unsigned char ivec[AES_BLOCK_SIZE]);
  46. # endif /* AES_CTR_ASM */
  47. # ifdef AES_XTS_ASM
  48. void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len,
  49. const AES_KEY *key1, const AES_KEY *key2,
  50. const unsigned char iv[16]);
  51. void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len,
  52. const AES_KEY *key1, const AES_KEY *key2,
  53. const unsigned char iv[16]);
  54. # endif /* AES_XTS_ASM */
  55. # if defined(OPENSSL_CPUID_OBJ)
  56. # if (defined(__powerpc__) || defined(__POWERPC__) || defined(_ARCH_PPC))
  57. # include "crypto/ppc_arch.h"
  58. # ifdef VPAES_ASM
  59. # define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC)
  60. # endif
  61. # if !defined(OPENSSL_SYS_AIX) && !defined(OPENSSL_SYS_MACOSX)
  62. # define HWAES_CAPABLE (OPENSSL_ppccap_P & PPC_CRYPTO207)
  63. # define HWAES_set_encrypt_key aes_p8_set_encrypt_key
  64. # define HWAES_set_decrypt_key aes_p8_set_decrypt_key
  65. # define HWAES_encrypt aes_p8_encrypt
  66. # define HWAES_decrypt aes_p8_decrypt
  67. # define HWAES_cbc_encrypt aes_p8_cbc_encrypt
  68. # define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks
  69. # define HWAES_xts_encrypt aes_p8_xts_encrypt
  70. # define HWAES_xts_decrypt aes_p8_xts_decrypt
  71. # define PPC_AES_GCM_CAPABLE (OPENSSL_ppccap_P & PPC_MADD300)
  72. # define AES_GCM_ENC_BYTES 128
  73. # define AES_GCM_DEC_BYTES 128
  74. size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out,
  75. size_t len, const void *key, unsigned char ivec[16],
  76. u64 *Xi);
  77. size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out,
  78. size_t len, const void *key, unsigned char ivec[16],
  79. u64 *Xi);
  80. # define AES_GCM_ASM_PPC(gctx) ((gctx)->ctr==aes_p8_ctr32_encrypt_blocks && \
  81. (gctx)->gcm.funcs.ghash==gcm_ghash_p8)
  82. void gcm_ghash_p8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len);
  83. # endif /* OPENSSL_SYS_AIX || OPENSSL_SYS_MACOSX */
  84. # endif /* PPC */
  85. # if (defined(__arm__) || defined(__arm) || defined(__aarch64__) || defined(_M_ARM64))
  86. # include "arm_arch.h"
  87. # if __ARM_MAX_ARCH__>=7
  88. # if defined(BSAES_ASM)
  89. # define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)
  90. # endif
  91. # if defined(VPAES_ASM)
  92. # define VPAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)
  93. # endif
  94. # define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES)
  95. # define HWAES_set_encrypt_key aes_v8_set_encrypt_key
  96. # define HWAES_set_decrypt_key aes_v8_set_decrypt_key
  97. # define HWAES_encrypt aes_v8_encrypt
  98. # define HWAES_decrypt aes_v8_decrypt
  99. # define HWAES_cbc_encrypt aes_v8_cbc_encrypt
  100. # define HWAES_ecb_encrypt aes_v8_ecb_encrypt
  101. # if __ARM_MAX_ARCH__>=8 && (defined(__aarch64__) || defined(_M_ARM64))
  102. # define ARMv8_HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES)
  103. # define HWAES_xts_encrypt aes_v8_xts_encrypt
  104. # define HWAES_xts_decrypt aes_v8_xts_decrypt
  105. # endif
  106. # define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks
  107. # define HWAES_ctr32_encrypt_blocks_unroll12_eor3 aes_v8_ctr32_encrypt_blocks_unroll12_eor3
  108. # define AES_PMULL_CAPABLE ((OPENSSL_armcap_P & ARMV8_PMULL) && (OPENSSL_armcap_P & ARMV8_AES))
  109. # define AES_UNROLL12_EOR3_CAPABLE (OPENSSL_armcap_P & ARMV8_UNROLL12_EOR3)
  110. # define AES_GCM_ENC_BYTES 512
  111. # define AES_GCM_DEC_BYTES 512
  112. # if __ARM_MAX_ARCH__>=8 && (defined(__aarch64__) || defined(_M_ARM64))
  113. # define AES_gcm_encrypt armv8_aes_gcm_encrypt
  114. # define AES_gcm_decrypt armv8_aes_gcm_decrypt
  115. # define AES_GCM_ASM(gctx) (((gctx)->ctr==aes_v8_ctr32_encrypt_blocks_unroll12_eor3 || \
  116. (gctx)->ctr==aes_v8_ctr32_encrypt_blocks) && \
  117. (gctx)->gcm.funcs.ghash==gcm_ghash_v8)
  118. /* The [unroll8_eor3_]aes_gcm_(enc|dec)_(128|192|256)_kernel() functions
  119. * take input length in BITS and return number of BYTES processed */
  120. size_t aes_gcm_enc_128_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext,
  121. uint64_t *Xi, unsigned char ivec[16], const void *key);
  122. size_t aes_gcm_enc_192_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext,
  123. uint64_t *Xi, unsigned char ivec[16], const void *key);
  124. size_t aes_gcm_enc_256_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext,
  125. uint64_t *Xi, unsigned char ivec[16], const void *key);
  126. size_t aes_gcm_dec_128_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext,
  127. uint64_t *Xi, unsigned char ivec[16], const void *key);
  128. size_t aes_gcm_dec_192_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext,
  129. uint64_t *Xi, unsigned char ivec[16], const void *key);
  130. size_t aes_gcm_dec_256_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext,
  131. uint64_t *Xi, unsigned char ivec[16], const void *key);
  132. size_t unroll8_eor3_aes_gcm_enc_128_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext,
  133. uint64_t *Xi, unsigned char ivec[16], const void *key);
  134. size_t unroll8_eor3_aes_gcm_enc_192_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext,
  135. uint64_t *Xi, unsigned char ivec[16], const void *key);
  136. size_t unroll8_eor3_aes_gcm_enc_256_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext,
  137. uint64_t *Xi, unsigned char ivec[16], const void *key);
  138. size_t unroll8_eor3_aes_gcm_dec_128_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext,
  139. uint64_t *Xi, unsigned char ivec[16], const void *key);
  140. size_t unroll8_eor3_aes_gcm_dec_192_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext,
  141. uint64_t *Xi, unsigned char ivec[16], const void *key);
  142. size_t unroll8_eor3_aes_gcm_dec_256_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext,
  143. uint64_t *Xi, unsigned char ivec[16], const void *key);
  144. size_t armv8_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key,
  145. unsigned char ivec[16], u64 *Xi);
  146. size_t armv8_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key,
  147. unsigned char ivec[16], u64 *Xi);
  148. void gcm_ghash_v8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len);
  149. # endif
  150. # endif
  151. # endif
  152. # endif /* OPENSSL_CPUID_OBJ */
  153. # if defined(AES_ASM) && ( \
  154. defined(__x86_64) || defined(__x86_64__) || \
  155. defined(_M_AMD64) || defined(_M_X64) )
  156. # define AES_CBC_HMAC_SHA_CAPABLE 1
  157. # define AESNI_CBC_HMAC_SHA_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32)))
  158. # endif
  159. # if defined(__loongarch__) || defined(__loongarch64)
  160. # include "loongarch_arch.h"
  161. # if defined(VPAES_ASM)
  162. # define VPAES_CAPABLE (OPENSSL_loongarch_hwcap_P & LOONGARCH_HWCAP_LSX)
  163. # endif
  164. # endif
  165. # if defined(AES_ASM) && !defined(I386_ONLY) && ( \
  166. ((defined(__i386) || defined(__i386__) || \
  167. defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
  168. defined(__x86_64) || defined(__x86_64__) || \
  169. defined(_M_AMD64) || defined(_M_X64) )
  170. /* AES-NI section */
  171. # define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32)))
  172. # ifdef VPAES_ASM
  173. # define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
  174. # endif
  175. # ifdef BSAES_ASM
  176. # define BSAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
  177. # endif
  178. # define AES_GCM_ENC_BYTES 32
  179. # define AES_GCM_DEC_BYTES 16
  180. int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
  181. AES_KEY *key);
  182. int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
  183. AES_KEY *key);
  184. void aesni_encrypt(const unsigned char *in, unsigned char *out,
  185. const AES_KEY *key);
  186. void aesni_decrypt(const unsigned char *in, unsigned char *out,
  187. const AES_KEY *key);
  188. void aesni_ecb_encrypt(const unsigned char *in,
  189. unsigned char *out,
  190. size_t length, const AES_KEY *key, int enc);
  191. void aesni_cbc_encrypt(const unsigned char *in,
  192. unsigned char *out,
  193. size_t length,
  194. const AES_KEY *key, unsigned char *ivec, int enc);
  195. # ifndef OPENSSL_NO_OCB
  196. void aesni_ocb_encrypt(const unsigned char *in, unsigned char *out,
  197. size_t blocks, const void *key,
  198. size_t start_block_num,
  199. unsigned char offset_i[16],
  200. const unsigned char L_[][16],
  201. unsigned char checksum[16]);
  202. void aesni_ocb_decrypt(const unsigned char *in, unsigned char *out,
  203. size_t blocks, const void *key,
  204. size_t start_block_num,
  205. unsigned char offset_i[16],
  206. const unsigned char L_[][16],
  207. unsigned char checksum[16]);
  208. # endif /* OPENSSL_NO_OCB */
  209. void aesni_ctr32_encrypt_blocks(const unsigned char *in,
  210. unsigned char *out,
  211. size_t blocks,
  212. const void *key, const unsigned char *ivec);
  213. void aesni_xts_encrypt(const unsigned char *in,
  214. unsigned char *out,
  215. size_t length,
  216. const AES_KEY *key1, const AES_KEY *key2,
  217. const unsigned char iv[16]);
  218. void aesni_xts_decrypt(const unsigned char *in,
  219. unsigned char *out,
  220. size_t length,
  221. const AES_KEY *key1, const AES_KEY *key2,
  222. const unsigned char iv[16]);
  223. void aesni_ccm64_encrypt_blocks(const unsigned char *in,
  224. unsigned char *out,
  225. size_t blocks,
  226. const void *key,
  227. const unsigned char ivec[16],
  228. unsigned char cmac[16]);
  229. void aesni_ccm64_decrypt_blocks(const unsigned char *in,
  230. unsigned char *out,
  231. size_t blocks,
  232. const void *key,
  233. const unsigned char ivec[16],
  234. unsigned char cmac[16]);
  235. # if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
  236. size_t aesni_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len,
  237. const void *key, unsigned char ivec[16], u64 *Xi);
  238. size_t aesni_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len,
  239. const void *key, unsigned char ivec[16], u64 *Xi);
  240. void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *in, size_t len);
  241. # define AES_gcm_encrypt aesni_gcm_encrypt
  242. # define AES_gcm_decrypt aesni_gcm_decrypt
  243. # define AES_GCM_ASM(ctx) (ctx->ctr == aesni_ctr32_encrypt_blocks && \
  244. ctx->gcm.funcs.ghash == gcm_ghash_avx)
  245. # endif
  246. # elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
  247. /* Fujitsu SPARC64 X support */
  248. # include "crypto/sparc_arch.h"
  249. # define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES)
  250. # define HWAES_CAPABLE (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX)
  251. # define HWAES_set_encrypt_key aes_fx_set_encrypt_key
  252. # define HWAES_set_decrypt_key aes_fx_set_decrypt_key
  253. # define HWAES_encrypt aes_fx_encrypt
  254. # define HWAES_decrypt aes_fx_decrypt
  255. # define HWAES_cbc_encrypt aes_fx_cbc_encrypt
  256. # define HWAES_ctr32_encrypt_blocks aes_fx_ctr32_encrypt_blocks
  257. void aes_t4_set_encrypt_key(const unsigned char *key, int bits, AES_KEY *ks);
  258. void aes_t4_set_decrypt_key(const unsigned char *key, int bits, AES_KEY *ks);
  259. void aes_t4_encrypt(const unsigned char *in, unsigned char *out,
  260. const AES_KEY *key);
  261. void aes_t4_decrypt(const unsigned char *in, unsigned char *out,
  262. const AES_KEY *key);
  263. /*
  264. * Key-length specific subroutines were chosen for following reason.
  265. * Each SPARC T4 core can execute up to 8 threads which share core's
  266. * resources. Loading as much key material to registers allows to
  267. * minimize references to shared memory interface, as well as amount
  268. * of instructions in inner loops [much needed on T4]. But then having
  269. * non-key-length specific routines would require conditional branches
  270. * either in inner loops or on subroutines' entries. Former is hardly
  271. * acceptable, while latter means code size increase to size occupied
  272. * by multiple key-length specific subroutines, so why fight?
  273. */
  274. void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
  275. size_t len, const AES_KEY *key,
  276. unsigned char *ivec, int /*unused*/);
  277. void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
  278. size_t len, const AES_KEY *key,
  279. unsigned char *ivec, int /*unused*/);
  280. void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
  281. size_t len, const AES_KEY *key,
  282. unsigned char *ivec, int /*unused*/);
  283. void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
  284. size_t len, const AES_KEY *key,
  285. unsigned char *ivec, int /*unused*/);
  286. void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
  287. size_t len, const AES_KEY *key,
  288. unsigned char *ivec, int /*unused*/);
  289. void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
  290. size_t len, const AES_KEY *key,
  291. unsigned char *ivec, int /*unused*/);
  292. void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
  293. size_t blocks, const AES_KEY *key,
  294. unsigned char *ivec);
  295. void aes192_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
  296. size_t blocks, const AES_KEY *key,
  297. unsigned char *ivec);
  298. void aes256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
  299. size_t blocks, const AES_KEY *key,
  300. unsigned char *ivec);
  301. void aes128_t4_xts_encrypt(const unsigned char *in, unsigned char *out,
  302. size_t blocks, const AES_KEY *key1,
  303. const AES_KEY *key2, const unsigned char *ivec);
  304. void aes128_t4_xts_decrypt(const unsigned char *in, unsigned char *out,
  305. size_t blocks, const AES_KEY *key1,
  306. const AES_KEY *key2, const unsigned char *ivec);
  307. void aes256_t4_xts_encrypt(const unsigned char *in, unsigned char *out,
  308. size_t blocks, const AES_KEY *key1,
  309. const AES_KEY *key2, const unsigned char *ivec);
  310. void aes256_t4_xts_decrypt(const unsigned char *in, unsigned char *out,
  311. size_t blocks, const AES_KEY *key1,
  312. const AES_KEY *key2, const unsigned char *ivec);
  313. # elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
  314. /* IBM S390X support */
  315. # include "s390x_arch.h"
  316. /* Convert key size to function code: [16,24,32] -> [18,19,20]. */
  317. # define S390X_AES_FC(keylen) (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6))
  318. /* Most modes of operation need km for partial block processing. */
  319. # define S390X_aes_128_CAPABLE (OPENSSL_s390xcap_P.km[0] & \
  320. S390X_CAPBIT(S390X_AES_128))
  321. # define S390X_aes_192_CAPABLE (OPENSSL_s390xcap_P.km[0] & \
  322. S390X_CAPBIT(S390X_AES_192))
  323. # define S390X_aes_256_CAPABLE (OPENSSL_s390xcap_P.km[0] & \
  324. S390X_CAPBIT(S390X_AES_256))
  325. # define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */
  326. # define S390X_aes_192_cbc_CAPABLE 1
  327. # define S390X_aes_256_cbc_CAPABLE 1
  328. # define S390X_aes_128_ecb_CAPABLE S390X_aes_128_CAPABLE
  329. # define S390X_aes_192_ecb_CAPABLE S390X_aes_192_CAPABLE
  330. # define S390X_aes_256_ecb_CAPABLE S390X_aes_256_CAPABLE
  331. # define S390X_aes_128_ofb_CAPABLE (S390X_aes_128_CAPABLE && \
  332. (OPENSSL_s390xcap_P.kmo[0] & \
  333. S390X_CAPBIT(S390X_AES_128)))
  334. # define S390X_aes_192_ofb_CAPABLE (S390X_aes_192_CAPABLE && \
  335. (OPENSSL_s390xcap_P.kmo[0] & \
  336. S390X_CAPBIT(S390X_AES_192)))
  337. # define S390X_aes_256_ofb_CAPABLE (S390X_aes_256_CAPABLE && \
  338. (OPENSSL_s390xcap_P.kmo[0] & \
  339. S390X_CAPBIT(S390X_AES_256)))
  340. # define S390X_aes_128_cfb_CAPABLE (S390X_aes_128_CAPABLE && \
  341. (OPENSSL_s390xcap_P.kmf[0] & \
  342. S390X_CAPBIT(S390X_AES_128)))
  343. # define S390X_aes_192_cfb_CAPABLE (S390X_aes_192_CAPABLE && \
  344. (OPENSSL_s390xcap_P.kmf[0] & \
  345. S390X_CAPBIT(S390X_AES_192)))
  346. # define S390X_aes_256_cfb_CAPABLE (S390X_aes_256_CAPABLE && \
  347. (OPENSSL_s390xcap_P.kmf[0] & \
  348. S390X_CAPBIT(S390X_AES_256)))
  349. # define S390X_aes_128_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \
  350. S390X_CAPBIT(S390X_AES_128))
  351. # define S390X_aes_192_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \
  352. S390X_CAPBIT(S390X_AES_192))
  353. # define S390X_aes_256_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \
  354. S390X_CAPBIT(S390X_AES_256))
  355. # define S390X_aes_128_cfb1_CAPABLE 0
  356. # define S390X_aes_192_cfb1_CAPABLE 0
  357. # define S390X_aes_256_cfb1_CAPABLE 0
  358. # define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */
  359. # define S390X_aes_192_ctr_CAPABLE 1
  360. # define S390X_aes_256_ctr_CAPABLE 1
  361. # define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */
  362. # define S390X_aes_256_xts_CAPABLE 1
  363. # define S390X_aes_128_gcm_CAPABLE (S390X_aes_128_CAPABLE && \
  364. (OPENSSL_s390xcap_P.kma[0] & \
  365. S390X_CAPBIT(S390X_AES_128)))
  366. # define S390X_aes_192_gcm_CAPABLE (S390X_aes_192_CAPABLE && \
  367. (OPENSSL_s390xcap_P.kma[0] & \
  368. S390X_CAPBIT(S390X_AES_192)))
  369. # define S390X_aes_256_gcm_CAPABLE (S390X_aes_256_CAPABLE && \
  370. (OPENSSL_s390xcap_P.kma[0] & \
  371. S390X_CAPBIT(S390X_AES_256)))
  372. # define S390X_aes_128_ccm_CAPABLE (S390X_aes_128_CAPABLE && \
  373. (OPENSSL_s390xcap_P.kmac[0] & \
  374. S390X_CAPBIT(S390X_AES_128)))
  375. # define S390X_aes_192_ccm_CAPABLE (S390X_aes_192_CAPABLE && \
  376. (OPENSSL_s390xcap_P.kmac[0] & \
  377. S390X_CAPBIT(S390X_AES_192)))
  378. # define S390X_aes_256_ccm_CAPABLE (S390X_aes_256_CAPABLE && \
  379. (OPENSSL_s390xcap_P.kmac[0] & \
  380. S390X_CAPBIT(S390X_AES_256)))
  381. # define S390X_CCM_AAD_FLAG 0x40
  382. # ifndef OPENSSL_NO_OCB
  383. # define S390X_aes_128_ocb_CAPABLE 0
  384. # define S390X_aes_192_ocb_CAPABLE 0
  385. # define S390X_aes_256_ocb_CAPABLE 0
  386. # endif /* OPENSSL_NO_OCB */
  387. # ifndef OPENSSL_NO_SIV
  388. # define S390X_aes_128_siv_CAPABLE 0
  389. # define S390X_aes_192_siv_CAPABLE 0
  390. # define S390X_aes_256_siv_CAPABLE 0
  391. # endif /* OPENSSL_NO_SIV */
  392. /* Convert key size to function code: [16,24,32] -> [18,19,20]. */
  393. # define S390X_AES_FC(keylen) (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6))
  394. # elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
  395. /* RISC-V 64 support */
  396. # include "riscv_arch.h"
  397. /* Zkne and Zknd extensions (scalar crypto AES). */
  398. int rv64i_zkne_set_encrypt_key(const unsigned char *userKey, const int bits,
  399. AES_KEY *key);
  400. int rv64i_zknd_set_decrypt_key(const unsigned char *userKey, const int bits,
  401. AES_KEY *key);
  402. void rv64i_zkne_encrypt(const unsigned char *in, unsigned char *out,
  403. const AES_KEY *key);
  404. void rv64i_zknd_decrypt(const unsigned char *in, unsigned char *out,
  405. const AES_KEY *key);
  406. /* Zvkned extension (vector crypto AES). */
  407. int rv64i_zvkned_set_encrypt_key(const unsigned char *userKey, const int bits,
  408. AES_KEY *key);
  409. int rv64i_zvkned_set_decrypt_key(const unsigned char *userKey, const int bits,
  410. AES_KEY *key);
  411. void rv64i_zvkned_encrypt(const unsigned char *in, unsigned char *out,
  412. const AES_KEY *key);
  413. void rv64i_zvkned_decrypt(const unsigned char *in, unsigned char *out,
  414. const AES_KEY *key);
  415. void rv64i_zvkned_cbc_encrypt(const unsigned char *in, unsigned char *out,
  416. size_t length, const AES_KEY *key,
  417. unsigned char *ivec, const int enc);
  418. void rv64i_zvkned_cbc_decrypt(const unsigned char *in, unsigned char *out,
  419. size_t length, const AES_KEY *key,
  420. unsigned char *ivec, const int enc);
  421. void rv64i_zvkned_ecb_encrypt(const unsigned char *in, unsigned char *out,
  422. size_t length, const AES_KEY *key,
  423. const int enc);
  424. void rv64i_zvkned_ecb_decrypt(const unsigned char *in, unsigned char *out,
  425. size_t length, const AES_KEY *key,
  426. const int enc);
  427. void rv64i_zvkb_zvkned_ctr32_encrypt_blocks(const unsigned char *in,
  428. unsigned char *out, size_t blocks,
  429. const void *key,
  430. const unsigned char ivec[16]);
  431. size_t rv64i_zvkb_zvkg_zvkned_aes_gcm_encrypt(const unsigned char *in,
  432. unsigned char *out, size_t len,
  433. const void *key,
  434. unsigned char ivec[16], u64 *Xi);
  435. size_t rv64i_zvkb_zvkg_zvkned_aes_gcm_decrypt(const unsigned char *in,
  436. unsigned char *out, size_t len,
  437. const void *key,
  438. unsigned char ivec[16], u64 *Xi);
  439. void rv64i_zvbb_zvkg_zvkned_aes_xts_encrypt(const unsigned char *in,
  440. unsigned char *out, size_t length,
  441. const AES_KEY *key1,
  442. const AES_KEY *key2,
  443. const unsigned char iv[16]);
  444. void rv64i_zvbb_zvkg_zvkned_aes_xts_decrypt(const unsigned char *in,
  445. unsigned char *out, size_t length,
  446. const AES_KEY *key1,
  447. const AES_KEY *key2,
  448. const unsigned char iv[16]);
  449. void gcm_ghash_rv64i_zvkg(u64 Xi[2], const u128 Htable[16], const u8 *inp,
  450. size_t len);
  451. #define AES_GCM_ENC_BYTES 64
  452. #define AES_GCM_DEC_BYTES 64
  453. #define AES_gcm_encrypt rv64i_zvkb_zvkg_zvkned_aes_gcm_encrypt
  454. #define AES_gcm_decrypt rv64i_zvkb_zvkg_zvkned_aes_gcm_decrypt
  455. #define AES_GCM_ASM(ctx) \
  456. (ctx->ctr == rv64i_zvkb_zvkned_ctr32_encrypt_blocks && \
  457. ctx->gcm.funcs.ghash == gcm_ghash_rv64i_zvkg)
  458. # elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32
  459. /* RISC-V 32 support */
  460. # include "riscv_arch.h"
  461. int rv32i_zkne_set_encrypt_key(const unsigned char *userKey, const int bits,
  462. AES_KEY *key);
  463. /* set_decrypt_key needs both zknd and zkne */
  464. int rv32i_zknd_zkne_set_decrypt_key(const unsigned char *userKey, const int bits,
  465. AES_KEY *key);
  466. int rv32i_zbkb_zkne_set_encrypt_key(const unsigned char *userKey, const int bits,
  467. AES_KEY *key);
  468. int rv32i_zbkb_zknd_zkne_set_decrypt_key(const unsigned char *userKey, const int bits,
  469. AES_KEY *key);
  470. void rv32i_zkne_encrypt(const unsigned char *in, unsigned char *out,
  471. const AES_KEY *key);
  472. void rv32i_zknd_decrypt(const unsigned char *in, unsigned char *out,
  473. const AES_KEY *key);
  474. # endif
  475. # if defined(HWAES_CAPABLE)
  476. int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits,
  477. AES_KEY *key);
  478. int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits,
  479. AES_KEY *key);
  480. void HWAES_encrypt(const unsigned char *in, unsigned char *out,
  481. const AES_KEY *key);
  482. void HWAES_decrypt(const unsigned char *in, unsigned char *out,
  483. const AES_KEY *key);
  484. void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out,
  485. size_t length, const AES_KEY *key,
  486. unsigned char *ivec, const int enc);
  487. void HWAES_ecb_encrypt(const unsigned char *in, unsigned char *out,
  488. size_t length, const AES_KEY *key,
  489. const int enc);
  490. void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
  491. size_t len, const void *key,
  492. const unsigned char ivec[16]);
  493. # if defined(AES_UNROLL12_EOR3_CAPABLE)
  494. void HWAES_ctr32_encrypt_blocks_unroll12_eor3(const unsigned char *in, unsigned char *out,
  495. size_t len, const void *key,
  496. const unsigned char ivec[16]);
  497. # endif
  498. void HWAES_xts_encrypt(const unsigned char *inp, unsigned char *out,
  499. size_t len, const AES_KEY *key1,
  500. const AES_KEY *key2, const unsigned char iv[16]);
  501. void HWAES_xts_decrypt(const unsigned char *inp, unsigned char *out,
  502. size_t len, const AES_KEY *key1,
  503. const AES_KEY *key2, const unsigned char iv[16]);
  504. # ifndef OPENSSL_NO_OCB
  505. # ifdef HWAES_ocb_encrypt
  506. void HWAES_ocb_encrypt(const unsigned char *in, unsigned char *out,
  507. size_t blocks, const void *key,
  508. size_t start_block_num,
  509. unsigned char offset_i[16],
  510. const unsigned char L_[][16],
  511. unsigned char checksum[16]);
  512. # else
  513. # define HWAES_ocb_encrypt ((ocb128_f)NULL)
  514. # endif
  515. # ifdef HWAES_ocb_decrypt
  516. void HWAES_ocb_decrypt(const unsigned char *in, unsigned char *out,
  517. size_t blocks, const void *key,
  518. size_t start_block_num,
  519. unsigned char offset_i[16],
  520. const unsigned char L_[][16],
  521. unsigned char checksum[16]);
  522. # else
  523. # define HWAES_ocb_decrypt ((ocb128_f)NULL)
  524. # endif
  525. # endif /* OPENSSL_NO_OCB */
  526. # endif /* HWAES_CAPABLE */
  527. #endif /* OSSL_AES_PLATFORM_H */